This repository is a curated collection of payload scripts and examples for the Hak5 Bash Bunny device, a programmable USB attack platform. Payloads demonstrate how the device can emulate human interface devices (keyboard/mouse), Ethernet adapters, serial gadgets, or mass storage to automate complex workflows once plugged into a host. The collection ranges from benign administrative automation to offensive security demonstrations used in penetration testing, showcasing patterns like keystroke automation, reverse shells, credential capture (for lab use), and lateral transport techniques. Each payload typically includes a payload.txt control file with stages and configurable parameters so operators can adapt behavior to different targets. Because the device and its payloads are powerful, the repository emphasizes responsible use—training, red-team engagements with authorization, and awareness of legal/ethical boundaries.
Features
- A large library of payloads written in DuckyScript™, Bash, and other languages for a variety of attack and audit scenarios
- Community-contributed payloads, allowing users to share custom payloads / extend the set
- Payloads organized into categories (e.g. recon, exfiltration, HID attacks) to make it easier to find a script among many
- Documentation and examples to help users get started and test payloads
- Disclaimers with legal guidance, warning that payloads may perform destructive or intrusive actions and that users must use them responsibly
- Support for configuration aspects (LED, switch positions on the Bash Bunny, host IP, etc.) within many payloads